IN THE CLAIMS

The claim set is intended to reflect amendment of previously pending claims 1, 10, 18, 
28, and 34, and addition of new claims 38-42. The specific amendments to individual claims are 
detailed in the following marked up set of claims. 



1. (Currently Amended) A security modeling system comprising:

a network configuration module having network configuration data; and
a simulator coupled to the network configuration module for simulating and
analyzing to simulate and analyze networks based on the network configuration data,
wherein the simulator includes a network vulnerabilities database, and wherein the
network vulnerabilities database includes:

a plurality of known network vulnerabilities, wherein each network
vulnerability includes a service to which it applies, defense conditions that might
close the vulnerability, and resource and state conditions needed to exercise the
vulnerability.

2. (Original) The system of claim 1, wherein the network vulnerabilities database includes 
network vulnerability, attack and exploitation data. 



3. (Original) The system of claim 2, wherein the network configuration data and the 
network vulnerability, attack and exploitation data are stored in database tables and the data is
processable by a computer. 



4. (Original) The system of claim 1, wherein the network configuration module comprises 
network configuration data output by a network configuration discovery tool. 



5. (Original) The system of claim 1, wherein the simulator includes a graphical user
interface.

6. (Original) The system of claim 2, wherein the simulator includes a means for receiving
the network vulnerability, attack and exploitation data.

7. (Original) The system of claim 1, wherein the simulator includes a defender and an
attacker user interface.



8. (Original) The system of claim 1, wherein the security modeling system is portable.



9. (Original) A computer game comprising:

a network configuration module having network configuration data; 



a simulator coupled to the network configuration module for simulating and analyzing 
networks based on the network configuration, wherein the simulator includes a network 
vulnerabilities database, and wherein the simulator includes a graphical user interface for playing 
the game. 

10. (Currently Amended) A security modeling system comprising:

a network configuration module having network configuration data;

a simulator coupled to the network configuration module for simulating and analyzing
networks based on the network configuration, wherein the simulator includes a network
vulnerabilities database; and

a mission objectives module coupled to the simulator, wherein the mission objectives
module includes critical resource information used to determine network components that are
involved in a specific attack scenario.


11. (Original) The system of claim 10, wherein the network vulnerabilities database includes
network vulnerability, attack and exploitation data.

12. (Original) The system of claim 11, wherein the network configuration data and the
network vulnerability, attack and exploitation data is stored in database tables and the data is
processable by a computer.

13. (Original) The system of claim 10, wherein the simulator includes a graphical user
interface.



14. (Original) The system of claim 10, wherein the critical resource information includes 
goals, expectations and constraints for simulating the network. 



15. (Original) The system of claim 10, wherein the simulator includes a means for receiving 
the network vulnerability, attack and exploitation data. 

16. (Original) The system of claim 10, wherein the security modeling system is portable. 

17. (Original) The system of claim 10, wherein the simulator includes a defender and an
attacker interface. 



18. (Currently Amended) A method of analyzing a computer network using a security
modeling system, wherein the security modeling system includes a database of network
vulnerability information, the method comprising:

providing a network configuration of a computer network;

simulating the network based on the network configuration; and

determining vulnerabilities of the simulated network using the vulnerability information
stored in the database, wherein the database includes a plurality of known network
vulnerabilities, wherein each network vulnerability includes:

a plurality of known network vulnerabilities, wherein each network
vulnerability includes a service to which it applies, defense conditions that might
close the vulnerability, and resource and state conditions needed to exercise the
vulnerability.



19. (Original) The method of claim 18, wherein providing a network configuration includes 
receiving a configuration as the output of a network discovery tool. 



20. (Original) The method of claim 18, wherein providing a network configuration includes
receiving a data file which includes a configuration of the computer network.

21. (Original) The method of claim 18, wherein simulating the network includes:
receiving mission objectives; 
storing the objectives; and 

simulating the network based on the network configuration and mission objectives. 



22. (Original) The method of claim 21, wherein determining vulnerabilities includes
modifying the simulation using a graphical user interface. 



23. (Original) The method of claim 22, wherein modifying the simulation includes 
dynamically interacting with an attacker. 



24. (Original) The method of claim 22, wherein modifying the simulation includes 
dynamically interacting in real time with the security modeling system. 



25. (Original) The method of claim 23, wherein modifying the simulation includes 
dynamically interacting in real time with the security modeling system. 



26. (Original) The method of claim 21, wherein determining vulnerabilities includes
computing security results, wherein the security results include a security score.

27. (Original) The method of claim 21, wherein determining vulnerabilities of the simulated
network includes updating the vulnerabilities database when vulnerabilities are detected.






AMENDMENT AND RESPONSE UNDER 37 CFR §1.111 

Serial Number: 09/483127 
Filing Date: January 14, 2000 

Title: NETWORK SECURITY MODELING SYSTEM AND METHOD 



Page 6 
Dkt: 105.176US1 



28. (Currently Amended) A method of opposing network attackers comprising:

receiving a network configuration, wherein the network configuration comprises
computer hardware and software component information;

receiving mission objectives including critical resource information used to determine
network components that are involved in a specific attack scenario;

receiving commands from a network attacker;

simulating the network based on the commands received from the network attacker,
wherein simulating the network includes determining results as a function of the network
configuration, mission objectives and stored vulnerability data for the described computer
hardware and software components; and

responding to the network attacker, wherein responding to the attacker includes imposing
barriers, providing response messages and protecting the network.



29. (Original) The method of claim 28, wherein simulating the network further includes 
receiving commands from a defender and determining results based on the defender commands. 



30. (Original) The method of claim 28, wherein receiving configuration includes receiving 
critical resource information, wherein the critical resource information includes goals,
expectation and constraints for simulating the network. 



31. (Original) The method of claim 28, and further includes modifying the simulation using
a graphical user interface.

32. (Original) The method of claim 31, wherein determining vulnerabilities includes
computing security results which include a security score.



33. (Original) The method of claim 31, wherein receiving commands includes receiving
attack actions which include commands that simulate service functionality, commands that
change services or nodes, and commands that exploit vulnerabilities.



34. (Currently Amended) A security modeling system formulating objective networks
comprising:

a simulator having a plurality of databases, wherein the plurality of databases include
mission objectives tables including information used to determine network components that are
involved in a specific attack scenario, vulnerability tables, and network configuration tables,
wherein the network configuration tables include network configuration data; and

a graphical user interface which operates with the simulator to allow input and output to
clients.

35. (Original) The system of claim 34, wherein the mission objectives tables include mission
tables, mission files tables and mission services tables. 

36. (Original) The system of claim 34, wherein the vulnerability tables include service 
tables. 

37. (Original) The system of claim 34, wherein the network configuration tables include
configuration tables, defense tables, filter tables, node tables, routing tables and password tables.

38. (New) The computer game of claim 9, wherein the simulator further comprises: 
an attacker interface to transmit real-time network status information to an attacker 

during a simulation; and 

a defender interface to transmit real-time network status information to a defender during 
a simulation. 

39. (New) The computer game of claim 9 further comprising:
a mission objectives module coupled to the simulator, wherein the mission objectives 

module includes critical resource information used to determine network components that are 
involved in a specific attack scenario. 
40. (New) A machine-readable medium that provides instructions, which when executed by
a machine, cause said machine to perform operations comprising: 

providing a network configuration of a computer network; 

simulating the network based on the network configuration; and 

determining vulnerabilities of the simulated network using the vulnerability information 
stored in the database, wherein the database includes: 

a plurality of known network vulnerabilities, wherein each network vulnerability 
includes the service to which it applies, defense conditions that might close the
vulnerability, and resource and state conditions needed to exercise the vulnerability. 



41. (New) The machine-readable medium of claim 40, wherein simulating the network
includes: 

receiving mission objectives; 
storing the objectives; and 

simulating the network based on the network configuration and mission objectives. 

42. (New) The machine-readable medium of claim 41, wherein mission objectives include 
critical resource information used to determine network components that are involved in a 
specific attack scenario. 



